On Wed, Dec 16, 2015 at 4:26 AM, Alan McKinnon <alan.mckin...@gmail.com> wrote:
>
> Solution: obey best practice. Never run auth and cache on the same
> address. On the same machine is fine, they are different daemons.
>
Which one listens on port 53?

Also, how do you point the caching daemon at the authoritative daemon for internal servers/domains/etc? My authoritative server for doubleclick.net is not the same as the one you'll find in the .net servers. Also, for the domains I use internally, the DNS server and resolution are different within my LAN from what you'd see on the internet. I know that at my employer internal DNS resolution is not the same as what you'd find outside the organization, so this isn't an issue unique to small setups.

One of the reasons I run auth and cache on the same host is that it greatly simplifies dependencies. If I want to run them in separate containers, then they'll either need static addresses or need to use DHCP, which means the DHCP server has a potential circular dependency with the DNS servers. Plus, most of my containers are going to need DNS, so these containers need to be running before other containers get started.

For a large-scale datacenter the separated approach makes a lot of sense. If you're running 5000 hosts, having two (or likely 10, counting various backups/etc) that you start first isn't a big deal, and neither is dedicating a bit of hardware to DNS/DHCP. If you're running all your services on one host, it can get a bit messy when you start having multiple DNS servers all running on different IPs on the same host. It can of course still be done.

I just use BIND for both. It isn't the best solution, but it is adequate.

--
Rich
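An added example, not taken from Alan's or Rich's posts, of the layout Alan describes with the tool Rich uses: two independent named instances on one host, each bound to its own address on port 53, with the caching instance pointed at the authoritative instance for the zones that resolve differently inside the LAN. The addresses 192.0.2.1 (resolver, the one DHCP hands out) and 192.0.2.2 (authoritative), the zone name lan.example, and all file paths are assumptions; doubleclick.net is the local override Rich mentions.

```conf
# /etc/bind/named-auth.conf  (assumed path) -- authoritative instance
# start with:  named -c /etc/bind/named-auth.conf
options {
    directory "/var/cache/bind-auth";        # its own working directory
    pid-file  "/run/named/named-auth.pid";   # its own pid file
    listen-on port 53 { 192.0.2.2; };        # auth address only, nothing else
    listen-on-v6 { none; };
    recursion no;                            # authoritative answers only
    allow-query { any; };
    allow-transfer { none; };                # add secondaries here if you have them
    minimal-responses yes;
};
# rndc needs its own control socket and key per instance:
#   rndc-confgen -a -k rndc-auth -c /etc/bind/rndc-auth.key
controls { inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { "rndc-auth"; }; };
include "/etc/bind/rndc-auth.key";

zone "lan.example"          { type master; file "db.lan.example"; };    # "primary" in 9.16+
zone "doubleclick.net"      { type master; file "db.doubleclick.net"; }; # LAN-only override
zone "2.0.192.in-addr.arpa" { type master; file "db.192.0.2"; };

# /etc/bind/named-cache.conf  (assumed path) -- recursive/caching instance
# start with:  named -c /etc/bind/named-cache.conf
options {
    directory "/var/cache/bind-cache";
    pid-file  "/run/named/named-cache.pid";
    listen-on port 53 { 127.0.0.1; 192.0.2.1; };    # the address clients get from DHCP
    listen-on-v6 { none; };
    recursion yes;
    allow-recursion   { 127.0.0.1; 192.0.2.0/24; };  # LAN only; an open resolver is an amplifier
    allow-query-cache { 127.0.0.1; 192.0.2.0/24; };
    dnssec-validation auto;
    # A private zone with no delegation from the signed root cannot validate;
    # validate-except exists in BIND 9.16 and later (older: leave validation off for it).
    validate-except { "lan.example"; };
};
controls { inet 127.0.0.1 port 954 allow { 127.0.0.1; } keys { "rndc-cache"; }; };  # different rndc port
include "/etc/bind/rndc-cache.key";

# Internal zones go to the authoritative instance instead of the public tree.
zone "lan.example"          { type forward; forward only; forwarders { 192.0.2.2; }; };
zone "doubleclick.net"      { type forward; forward only; forwarders { 192.0.2.2; }; };
zone "2.0.192.in-addr.arpa" { type forward; forward only; forwarders { 192.0.2.2; }; };
```

Both daemons listen on port 53; they never collide because each `listen-on` names a different address, and both addresses are static aliases on the host, which is what lets DHCP depend on the resolver rather than the other way round. Forwarding to a server that refuses recursion works because the authoritative instance answers those names with AA set; a `type stub` zone that pulls the NS records from 192.0.2.2 would do the same job. Check each file with `named-checkconf`, then compare `dig @192.0.2.1 host.lan.example` against `dig @192.0.2.2 +norecurse host.lan.example` and confirm that `dig @192.0.2.2 www.example.com` comes back REFUSED rather than recursing.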